At home, several users often share one computer, with one person managing it and acting as administrator. Creating a new account in Windows takes a few clicks, but soon you might start hearing complaints about forgotten passwords, the need for new software, a connection not working and so on. So if you act as the admin of the computer at your home, this series on Manage Windows User Accounts will help you from the user accounts point of view.
In this article we will learn how to create and manage a Windows account, create a password, set an expiration time, find weak passwords, unlock accounts and reset a password when required.
Before starting, make sure you have an Administrator account; you can confirm that by reading this isAdmin How to guide. In case you are not, share this guide with the person who is. I am using Windows 7 as the OS here.
Always create a password for a new user account:
Let us start from the basics. When you create a user account, by default Windows never asks you to create a password for that account. It only asks for the type of the account, standard or administrator. Once you create it, Windows takes you back to the All users screen, where you see the list of users on your computer.
The real job starts here. Make it a golden rule that when you create a new user account, you create a password for that account. You can always have an account without a password, but if you are making it for someone at your home who will always use the computer, give them their own space and privacy.
Once you create the account, just click on the user from the user list of the screen and you will see details of what you can do with that account. Click on Create a Password for that account.
When creating the password, you can follow two methods: either you create a random password for him, or you make the person sit with you and then create one. If he or she can sit along with you, setting a password hint works best.
However, if that is not possible, make sure you educate the person on doing that. Tell him not to put his password in the password hint and to keep a strong password. This will be useful for him the next time he or she changes the password.
Always set accounts with a password that expires:
Strong passwords are not a permanent solution, and keeping one password for your entire life can be a disaster. This is your Golden Rule 2: be it any account, keep changing passwords periodically.
So how do you make the accounts on your computer change their passwords? Asking the users is a decent way, but many a time we don't understand the importance or we just forget. So the other option is to make them change the password after a few days, which can be any number you want to set. The best would be to change at least once per month.
To set this up in Windows, follow the steps below, as these options are not available directly when you create the user or even when you go to create a password for it.
- Click on Start and in the search box type lusrmgr.msc (Local Users and Groups Manager).
- Select Users > select one user > Properties.
- The window that opens has one option checked: Password never expires.
- Uncheck this and close.
The next step is to send reminders to the users a few days before the password expires and the account gets locked.
- Type gpedit.msc at the Run prompt > navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
- Click on the option which says Interactive logon: Prompt user to change password before expiration.
- This determines how far in advance (in days) users are warned that their password is about to expire. With this advance warning, the user has time to construct a password that is sufficiently strong.
How to unlock an account with an expired password?
That should have been on your mind after my last statement in the above section. When a user does not change the expiring password, the account gets locked and only an admin can unlock it. Follow the steps below:
- Click on Start and in the search box type lusrmgr.msc (Local Users and Groups Manager).
- Select Users > select the user whose account is locked > Properties.
- If the account is locked, you will see the check box 'Account is locked out' checked.
- Unchecking it and then saving will unlock the account.
Then the important step: make sure you also check User must change password at next logon. This makes sure the user changes the password to one he can remember.
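The same checks as the two procedures above (password expiry and unlocking), scripted as an added example that is not part of the original article. The function name Test-LocalAccountPolicy and its -Fix switch are made up for this example; it uses only WMI, ADSI and the registry so it runs on the PowerShell 2.0 that ships with Windows 7, from an elevated prompt.

```powershell
# Added example. Test-LocalAccountPolicy and -Fix are hypothetical names.
function Test-LocalAccountPolicy {
    param([switch]$Fix)   # without -Fix the function only reports

    $accounts = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True"
    foreach ($a in $accounts) {
        $findings = @()
        if (-not $a.PasswordRequired) { $findings += 'blank password allowed' }
        if (-not $a.PasswordExpires)  { $findings += 'password never expires' }
        if ($a.Lockout)               { $findings += 'locked out' }
        if ($a.Disabled)              { $findings += 'disabled' }
        if ($findings.Count -eq 0) { continue }

        "{0,-20} {1}" -f $a.Name, ($findings -join ', ')

        # Leave disabled accounts (for example the built-in Guest) untouched.
        if (-not $Fix -or $a.Disabled) { continue }

        $wasLocked = $a.Lockout
        $a.PasswordExpires = $true              # uncheck "Password never expires"
        if ($wasLocked) { $a.Lockout = $false } # uncheck "Account is locked out"
        [void]$a.Put()

        if ($wasLocked) {
            # Same as ticking "User must change password at next logon".
            $u = [ADSI]"WinNT://$env:COMPUTERNAME/$($a.Name),user"
            $u.Put('PasswordExpired', 1)
            $u.SetInfo()
        }
    }

    # Value behind "Interactive logon: Prompt user to change password
    # before expiration". If it is absent, the Windows default applies.
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $warn = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).PasswordExpiryWarning
    if ($warn -ne $null) { "Expiry warning: $warn day(s) before expiration" }
    else                 { "Expiry warning: not set, Windows default applies" }
}

# Report only. Add -Fix to apply the changes described in the steps above.
Test-LocalAccountPolicy
```

Accounts reported as 'blank password allowed' are not changed by -Fix, because choosing the password is something you do with the user, as described earlier.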
Scan for users with Weak Passwords
Though it is not possible to find out what password a user has set, it is definitely possible to do a password test. This can be done using the Microsoft Baseline Security Analyzer, which performs a Local Account Password Test along with other security scans. I recommend this tool heavily for Windows users, and it works even for Windows Server 2008 R2 along with Windows 7.
When you run the security analyzer, you should see the Local Account Password Test result first, if it applies to you. Here is a sample below:
The best part of this scan is that it also tells you how to correct this. Click on Result Details to see which accounts have weak passwords, along with disabled accounts and locked out accounts.
Reset / change the password:
When you see a weak password, you can always remind the user of that personally or you can change it yourself and then tell him. Make sure you at least have a word with him or her before that.
Go to User Accounts once you are logged into your account and then select the person with the weak password. Now click on the option which says Change password. Add a strong password and give a proper hint. There is another option which says Remove Password, which I strongly suggest you do NOT use.
Make sure you share the password with the user, else he or she won't be able to log in to the account.